diff --git a/.github/workflows/custom-artifact.yml b/.github/workflows/custom-artifact.yml
new file mode 100644
index 000000000..74e6d3092
--- /dev/null
+++ b/.github/workflows/custom-artifact.yml
@@ -0,0 +1,68 @@
+on:
+ push:
+ branches: [master, develop]
+ tags: [ v* ]
+ pull_request:
+ branches: [master, develop]
+jobs:
+ offline:
+ name: Prepare custom offline package
+ # Useful to skip expensive CI when writing docs
+ if: "!contains(github.event.head_commit.message, 'skip ci')"
+ runs-on:
+ group: wire-server-deploy
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ submodules: true
+ - uses: cachix/install-nix-action@v27
+ - uses: cachix/cachix-action@v15
+ with:
+ name: wire-server
+ signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
+
+ - name: Install nix environment
+ run: nix-env -f default.nix -iA env
+
+ - name: Run offline build
+ run: ./offline/ci.sh HELM_CHART_EXCLUDE_LIST=elasticsearch-curator,fluent-bit,kibana,redis-cluster,inbucket,aws-ingress,backoffice,calling-test,nginx-ingress-controller,postgresql
+ env:
+ GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
+ DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
+
+ - name: Get upload name
+ id: upload_name
+ run: |
+ # FIXME: Tag with a nice release name using the github tag...
+ # SOURCE_TAG=${GITHUB_REF#refs/tags/}
+ echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA-custom
+ # echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA}
+ - name: Copy assets tarball to S3
+ run: |
+ aws s3 cp assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
+ echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
+ env:
+ AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
+ AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
+ AWS_REGION: "eu-west-1"
+
+ - name: Build and upload wire-server-deploy container
+ run: |
+ container_image=$(nix-build --no-out-link -A container)
+ skopeo copy --dest-creds "$DOCKER_LOGIN" \
+ docker-archive:"$container_image" \
+ "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}"
+ env:
+ DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
+
+ - name: Deploy offline environment to hetzner
+ run: |
+ ./offline/cd.sh
+ env:
+ HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+
+ - name: Clean up hetzner environment; just in case
+ if: always()
+ run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
+ env:
+ HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
diff --git a/offline/ci.sh b/offline/ci.sh
index 93acc6c82..b2effd79b 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
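Review bot: The `pull_request` trigger in `.github/workflows/custom-artifact.yml` runs branch-controlled scripts (`./offline/ci.sh`, `./offline/cd.sh`) on the self-hosted `wire-server-deploy` runner group, in the same job that holds the S3, quay.io, GPG, Cachix and Hetzner credentials and publishes to `public.wire.com`. Secrets are withheld from fork pull requests, but any same-repository branch can change those scripts while the secrets are in the environment, so the upload and deploy steps would be better gated with `if: github.event_name != 'pull_request'` or moved to a push-only job. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` keeps the job token minimal. The `${{ steps.upload_name.outputs.UPLOAD_NAME }}` expansions inside `run:` are harmless while the value is `$GITHUB_SHA-custom`, but if the FIXME switches to the tag name the value should be passed through `env:` and used as a quoted shell variable. `actions/checkout@v2` and the two cachix actions are referenced by tag; pinning them to commit SHAs would fit a job that handles a signing key.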
@@ -3,6 +3,21 @@ set -euo pipefail INCREMENTAL="${INCREMENTAL:-0}" +# Default exclude list +HELM_CHART_EXCLUDE_LIST="inbucket" + +# Parse the HELM_CHART_EXCLUDE_LIST argument +for arg in "$@" +do + case $arg in + HELM_CHART_EXCLUDE_LIST=*) + HELM_CHART_EXCLUDE_LIST="${arg#*=}" + ;; + esac +done +HELM_CHART_EXCLUDE_LIST=$(echo "$HELM_CHART_EXCLUDE_LIST" | jq -R 'split(",")') +echo "Excluding following charts from the release: $HELM_CHART_EXCLUDE_LIST" + # Build the container image container_image=$(nix-build --no-out-link -A container) # if [[ -n "${DOCKER_LOGIN:-}" ]];then @@ -138,7 +153,13 @@ legacy_chart_release() { wire_build_chart_release () { set -euo pipefail wire_build="$1" - curl "$wire_build" | jq -r '.helmCharts | with_entries(select(.key != "inbucket")) | to_entries | map("\(.key) \(.value.repo) \(.value.version)") | join("\n") ' + curl "$wire_build" | jq -r --argjson HELM_CHART_EXCLUDE_LIST "$HELM_CHART_EXCLUDE_LIST" ' + .helmCharts + | with_entries(select([.key] | inside($HELM_CHART_EXCLUDE_LIST) | not)) + | to_entries + | map("\(.key) \(.value.repo) \(.value.version)") + | join("\n") + ' } # pull_charts() accepts charts in format
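Review bot: The `case` in the new argument loop of `offline/ci.sh` has no `*)` branch, so a misspelled key (for example `HELM_CHART_EXCLUDE=...`) is ignored and the build silently falls back to excluding only `inbucket`, shipping charts the caller meant to leave out. Adding `*) echo "Unknown argument: $arg" >&2; exit 1 ;;` would make that visible, provided no other caller passes extra arguments (callers are not visible in this hunk). The assignment `HELM_CHART_EXCLUDE_LIST="inbucket"` also overwrites any value exported in the environment, unlike `INCREMENTAL` just above it; `HELM_CHART_EXCLUDE_LIST="${HELM_CHART_EXCLUDE_LIST:-inbucket}"` would keep the two conventions consistent. A comment after the `jq -R 'split(",")'` line, such as `# from here on HELM_CHART_EXCLUDE_LIST holds a JSON array, consumed via --argjson`, would help readers of `wire_build_chart_release`.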
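Review bot: `[.key] | inside($HELM_CHART_EXCLUDE_LIST)` in `wire_build_chart_release` is a substring match rather than an equality test, because jq's `inside`/`contains` compare strings by containment. A chart whose name is a substring of an excluded entry (say a chart named `redis` against the entry `redis-cluster`) would be dropped from the release as well, without any message. An exact comparison avoids that: `| with_entries(select(.key as $k | $HELM_CHART_EXCLUDE_LIST | index($k) | not))`. The `curl "$wire_build"` call on the same line has no `-f`, so an HTTP error body is piped to jq instead of failing the pipeline; `curl -fsS` would let `set -o pipefail` catch it.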